diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..c6ff4e5 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,123 @@ +kind: pipeline +type: docker +name: linux-amd64 + +platform: + os: linux + arch: amd64 + +steps: + - name: docker + image: plugins/docker + settings: + purge: true + no_cache: true + auto_tag: true + auto_tag_suffix: linux-amd64 + repo: spcodes/hidden-service + build_args: + - ARCH=amd64 + username: + from_secret: USERNAME + password: + from_secret: PASSWORD + +trigger: + branch: + - main + event: + - push + +--- +kind: pipeline +type: docker +name: linux-arm + +platform: + os: linux + arch: arm + +steps: + - name: docker + image: plugins/docker + settings: + purge: true + no_cache: true + auto_tag: true + auto_tag_suffix: linux-arm + repo: spcodes/hidden-service + build_args: + - ARCH=arm + username: + from_secret: USERNAME + password: + from_secret: PASSWORD + +trigger: + branch: + - main + event: + - push + +--- +kind: pipeline +type: docker +name: linux-arm64 + +platform: + os: linux + arch: arm64 + +steps: + - name: docker + image: plugins/docker + settings: + purge: true + no_cache: true + auto_tag: true + auto_tag_suffix: linux-arm64 + repo: spcodes/hidden-service + build_args: + - ARCH=arm64 + username: + from_secret: USERNAME + password: + from_secret: PASSWORD + +trigger: + branch: + - main + event: + - push + +--- +kind: pipeline +type: docker +name: manifest + +steps: + - name: publish-latest + image: plugins/manifest + settings: + ignore_missing: true + target: spcodes/hidden-service + template: spcodes/hidden-service:OS-ARCH + platforms: + - linux/amd64 + - linux/arm64 + - linux/arm + username: + from_secret: USERNAME + password: + from_secret: PASSWORD + +depends_on: + - linux-amd64 + - linux-arm64 + - linux-arm + +trigger: + branch: + - main + event: + - push diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1062418 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.idea/ +*.iml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c10e70e --- /dev/null +++ b/Dockerfile @@ -0,0 +1,20 @@ +ARG ARCH +FROM amd64/debian:10.7-slim@sha256:b1af07039fe341833982bae85a2724ac8600ec5c74c37277c7a6ef7cddfb2cd0 AS base-amd64 +FROM arm32v7/debian:10.7-slim@sha256:d31590f680577ffde6bd08943e9590eaabdc04529ea60f4bb6f58cddbc33f628 AS base-arm +FROM arm64v8/debian:10.7-slim@sha256:01b65c2928fed9427e59a679e287a75d98551ea2061cf03c61be0c7e1fc40fef AS base-arm64 +FROM base-${ARCH} + +RUN apt-get update && apt-get upgrade -y && apt-get install -y \ + curl="7.64.0-4+deb10u1" \ + tor="0.3.5.12-1" && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + useradd --system -M --shell /usr/sbin/nologin tor + +COPY entrypoint.sh / + +VOLUME /web + +USER tor + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..78769d8 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +echo '[+] Starting tor' + +cat > /etc/tor/torrc << EOF +DataDirectory /tmp/tor +HiddenServiceDir /web/ +Log notice stdout +EOF + +if [[ -n "${PRIVATE_KEY}" && -n "${REDIRECT}" ]]; then + echo "[+] Starting the listener at port ${LISTEN_PORT:-80}, redirecting to ${REDIRECT}" + echo "${PRIVATE_KEY}" > /web/private_key + cat >> /etc/tor/torrc << EOF +HiddenServicePort ${LISTEN_PORT:-80} ${REDIRECT} +EOF +fi + +tor -f /etc/tor/torrc diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..90eb907 --- /dev/null +++ b/renovate.json @@ -0,0 +1,41 @@ +{ + "assignees": [ + "samuel-p" + ], + "baseBranches": [ + "main" + ], + "rangeStrategy": "bump", + "rebaseWhen": "behind-base-branch", + "regexManagers": [ + { + "fileMatch": [ + "^Dockerfile$" + ], + "matchStrings": [ + "\\s+(?[a-z0-9\\-]+?)=\"(?.*?)\"" + ], + "lookupNameTemplate": "debian_stable/{{{depName}}}", + "versioningTemplate": "loose", + "datasourceTemplate": "repology" + } + ], + "packageRules": [ + { + "datasources": [ + "repology" + ], + "groupName": [ + "base dependencies" + ] + }, + { + "datasources": [ + "docker" + ], + "groupName": [ + "docker images" + ] + } + ] +}